The utility of computers and development of relatively low cost computer solutions has resulted in a reliance on the computers and network resources for many facets of personal and business related activities. For instance, computers are heavily relied on by businesses for, e.g., telecommuting, obtaining news and stock market information, trading, banking, shopping, shipping, communicating in the form of Voice Internet protocol (VoiceIP) [see International Telecommunications Union (ITU) Recommendation H.323 titled “Packet-based Multimedia Communication Systems,” published in November 2000 and available from “www.itu.int” (“H.323 Specification”)] and email, as well as other services. For many individuals even, personal computers represent an essential tool for their livelihood.
A key issue for the utilization of personal computers for transacting business across a network is the maintenance of accurate time. Maintaining an accurate time directly affects not only the security of transactions via, e.g., security certificates, but also the ability to maintain proper operation of the computer system. For instance, Kerberos is a network authentication protocol that uses strong cryptography so that a client can prove its identity to a server and vice versa via an insecure network connection. In particular, the Kerberos Authentication System uses a series of encrypted messages to prove to a verifier that a client is running on behalf of a particular user. The verifier checks the timestamp on the messages to make sure that the authenticator is fresh. If the timestamp is within a specified time window, which is typically five minutes, centered around the current time on the verifier, the verifier may accept the message as authentic. However, if the system time on, e.g., the verifier or a message is inaccurate and, as a result, the timestamp appears to be more than, e.g., five minutes old, the verifier will not consider the message to be fresh and will reject message.
As a further illustration, a system administrator may review system logs and error logs to track down the source of a problem on a computer system. However, if the time indications for the system events are not precise, let alone accurate, the system administrator will have a much more difficult job trying to figure out the source of the problem. This situation is exacerbated when the system log is from, e.g., a network server, the error log is from a workstation, and one or both of the logs have inaccurate timestamps. Thus, the system administrator may be unable to correlate events at the workstation with events at the network server.
A problem that has evolved along with the proliferation of computers and networks is that non-trusted users such as hackers who interact with a computer system directly or remotely via software, viruses, and worms. One common tactic is to modify the time of one or more of the systems in a computer network. Modifying the time on a workstation some number of years into the past may allow a hacker to gain access to confidential data on the network via an expired security certificate. Such attacks are categorized as penetration attacks.
On the other hand, modifying the system time some number of years into the future can cause the system to deny valid certificates from other, trusted users. Such attacks are often referred to as denial of service attacks and they can literally freeze communications for the particular computer system and possibly throughout the entire network. The Kerberos authentication protocol, for instance, requires that the clocks are synchronized within minutes of one another so an attacker can successfully execute a “Denial Of Service attack” if the attacker can modify one or both of the clocks by mere minutes.
Current solutions involve security measures to prevent non-trusted users from gaining access remotely via direct communications or a virus or worm, but as the security measures available improve, the attacks implement more sophisticated tactics to circumvent the security measures. Solutions may also establish a single, trusted time source. A single, trusted time source is established for a network because the system time on individual workstations can be modified by other non-trusted sources including the designated user of the workstation who may purposely or inadvertently facilitate access to the system time. Establishing the single, trusted time source to access for time indications for validating certificates and creating logs, however, requires that each computer system to access the time source each time, or at least often, to attenuate the problems associated with utilizing the non-trusted time source. Having every computer on the network validate security certificates and create logs by accessing the trusted time source for the time can significantly impact bandwidth as well as latencies involved with processing transactions.